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AMENDMENTS TO THE CLAIMS 



1. (currently amended) A tunnel designator svstem to couple tunnel servers to 
tunnel clients executing host applications for use in a virtual private network (VPN) 
environment, said tunnel designator not being one of said tunnel servers and comprising: 

(a) a receiver that receives requests from host applications executing on the 
tunnel clients, the requests addressed to at least one of the tunnel servers the 
tunn el coup li ng system to establish a VPN tunnel; 

(b) a processor that processes the reguests . the processor also maintaining - a&4 
an indication of loads on the tunnel servers , the processor operative to 
establish the VPN tunnels by designating at least one of the tunnel servers to 
each of the requestse d tunne l: and 

(c) a tunnel traffic distributor that distributes tunnel traffic to the tunnel servers 
based at least part on the designations. 

2. (currently amended)The syst e m tunnel designator of claim 1 , and further 
comprising: 

(a) an evaluation processor that evaluates the tunnel traffic before the tunnel 
traffic distributor distributes the tunnel traffic to the tunnel servers. 

3. (currently amended)The syst e m tunnel designator of claim 2, wherein the 
evaluation performed by the evaluation processor includes at least performing security 
functions on the tunnel traffic. 

4. (currently amended) The tunnel designator syst e m of claim 1 , wherein: 

(a) the request processor establishes the VPN tunnel by, in part, associating 
each VPN tunnel with characteristics of tunnel traffic for that VPN tunnel; and 
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(b) the tunnel traffic distributor operates in part based on the associations, 
without involvement of the host applications. 

5. (new) A method of connecting a plurality of tunnel clients to a plurality of 
tunnel servers using a tunnel designator, the method comprising: 

using said tunnel designator to receive a request from one of said tunnel clients; 

determining if said request is a valid request from one of said tunnel clients; 

determining if said request is for a new tunnel, and 

if so: 

(a) opening a new tunnel to a selected one of said tunnel servers; and 

(b) modifying an address map to include information associating said selected 
one of said tunnel servers to said request; 

if not: 

(b) using said address map to route said request to a mapped tunnel server. 
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